CVSS: 5.0EPSS: 75%CPEs: 2EXPL: 1CVE-2000-0408 – Microsoft IIS 4.0/5.0 - Malformed File Extension Denial of Service
https://notcve.org/view.php?id=CVE-2000-0408
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability. • https://www.exploit-db.com/exploits/19907 http://www.microsoft.com/technet/support/kb.asp?ID=260205 http://www.securityfocus.com/bid/1190 http://www.ussrback.com/labs40.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030 •
CVSS: 7.5EPSS: 22%CPEs: 2EXPL: 1CVE-2000-0457 – Microsoft IIS 4.0/5.0 - Malformed Filename Request
https://notcve.org/view.php?id=CVE-2000-0457
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. • https://www.exploit-db.com/exploits/19908 http://marc.info/?l=bugtraq&m=95810120719608&w=2 http://www.securityfocus.com/bid/1193 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 https://exchange.xforce.ibmcloud.com/vulnerabilities/4448 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2000-0304
https://notcve.org/view.php?id=CVE-2000-0304
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. • http://www.securityfocus.com/bid/1191 http://xforce.iss.net/alerts/advise52.php3 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031 •
CVSS: 5.0EPSS: 90%CPEs: 3EXPL: 1CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. • https://www.exploit-db.com/exploits/19897 http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html http://www.securityfocus.com/bid/1174 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0258
https://notcve.org/view.php?id=CVE-2000-0258
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. IIS 4.0 y 5.0 permite a atacantes remotos provocar una denegación de servicio enviando muchas URLs con un largo número de caracteres de escape, también conocida como la Vulnerabilidad "Myriad Escaped Characters". • http://www.securityfocus.com/bid/1101 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023 • CWE-20: Improper Input Validation •